AAPL Stock: 117.81 ( -0.22 )

Printed from

Safari 5.0.1, 4.1.1 security fixes include AutoFill patch

updated 11:45 am EDT, Wed July 28, 2010

Closes major security hole

The Safari 5.0.1 update -- and the corresponding v4.1.1 update for Tiger -- finally fix a serious AutoFill vulnerability, an Apple security note reveals. Using a carefully-crafted site and JavaScript, vulnerable versions of Safari can be tricked into entering and sending personal information without consent. Knowledge of the threat has allegedly been in the public domain for about a year, but until now not dealt with by Apple.

The upgrades also solve a problem with RSS feeds, which could be used to trigger uploads to a remote server. All other security improvements are directed at the WebKit engine, which could potentially be exploited through holes in handling of JavaScript, expressions, SVG files, CSS counters and other elements.

The Safari 4.1.1 update applies only to Mac OS X 10.4.11, and is a 29.53MB download.

by MacNN Staff



  1. testudo

    Joined: Dec 1969


    I wonder

    Gee, do you think this autofill issue was fixed because the guy made it public, or it took them this long to actually address the issue (which has actually been around for a while in various forms)?

Login Here

Not a member of the MacNN forums? Register now for free.


Network Headlines

Follow us on Facebook


Most Popular


Recent Reviews

Ultimate Ears Megaboom Bluetooth Speaker

Ultimate Ears (now owned by Logitech) has found great success in the marketplace with its "Boom" series of Bluetooth speakers, a mod ...

Kinivo URBN Premium Bluetooth Headphones

We love music, and we're willing to bet that you do, too. If you're like us, you probably spend a good portion of your time wearing ...

Jamstik+ MIDI Controller

For a long time the MIDI world has been dominated by keyboard-inspired controllers. Times are changing however, and we are slowly star ...


Most Commented